Skip to main content
Skip table of contents


Lucidum is a Cyber Asset Attack Surface Management (CAASM) platform that discovers every asset, every account and user, classifies newly discovered data, and calculates risk so you can be better prepared.

Lucidum is SaaS-based and requires minimal configuration or maintenance for customers.

Lucidum ingests read-only data from IT, operations, security, and HR solutions, and structured and unstructured data from data lakes.

After Lucidum ingests data from your environment, Lucidum uses graph data, machine learning, and predictive analytics to detect and classify all assets and users, even those not detected by the solutions in your environment.

The Lucidum platform enables security, IT, and other teams to:

  • Discover and describe previous unknowns — assets, users, data

  • Identify risks such as unmanaged assets, unmanaged users, missing agents, outdated OS, expired certificates, and more

  • Develop unique insights from de-duped and triangulated tech stack information

  • Manage IT assets and vulnerability

  • Enhance data security

  • Manage user onboarding and offboarding

  • Accelerate alert triage, incident response, investigation, and remediation

  • Meet compliance requirements

  • Classify unstructured file information to help manage data access

  • Ensure consistent versioning and upgrade


Lucidum is SaaS-based and requires minimal configuration or maintenance for customers.

Assets, Users, Data, Vulnerabilities, and Risk

Lucidum discovers all assets, users, data, and vulnerabilities and uses these inputs to calculate risk.

  • Asset. An entity that stores, transmits, or processes data, including laptops, workstations, servers, virtual machines, cloud instances, docker containers, and more

  • User. An entity that is authenticated into the enterprise environment (logs in) and can access assets. Users include active directory users, VPN users, MFA users, Intune users, IAM and cloud IAM users, and more.

  • Data. An entity that is identified and associated with a certain data category (by department) and data classification. Lucidum data classifications, in ascending order from least risk to most risk: public (lowest risk), private, confidential, restricted (highest risk). For example, one user may be accessing confidential product source codes, or one asset may be storing restricted PCI data.

  • Vulnerabilities. Lucidum uses publicly available databases to monitor and discover Common Vulnerabilities and Exposures (CVEs) in your environment. CVEs are publicly disclosed security flaws.

  • Risk. Lucidum includes multiple risk measurements for assets and users. You can use these risk measurements to prioritize ­assets and users that require analysis and possible mitigation.


Connectors enable Lucidum to ingest read-only data from your environment and discover, identify, and classify assets, data, and users.

Lucidum includes pre-built connectors for the most commonly used solutions for security, vulnerability scanning, cloud, data warehouse, identity management, logs, network, endpoint management, IP management, file sharing, and devops.

The current list of Connectors reflects all the Connectors currently in production at customer sites. With over 300 connectors, we’re sure we have yours. And if we don’t have your connector, we guarantee a 2-day turnaround for new connectors.

For details about connectors, see Connectors.

Lucidum’s Machine Learning

Lucidum fills the gaps between security solutions. After ingesting data from connectors, Lucidum enriches that data through machine learning. After ingestion, Lucidum:

  • Deduplicates records. For example, suppose an asset uses DHCP. Suppose Lucidum ingests different information about that asset each day. However, each day, that asset will lease a new IP address. Instead of creating multiple asset records, Lucidum creates a single record for that asset. The single record includes all the IP addresses associated with the asset over time.

  • Triangulates records. Suppose a single user appears in multiple solutions with multiple versions of a user name. For example, suppose Lucidum ingests a different name from Azure AD, GitHub, and Intune. Suppose Lucidum ingests the names “John.Smith”, “SmithJ”, and “”. Lucidum creates a single entry for that user with a single user name and enriches the user record with information from Azure AD, GitHut, and Intune.

  • Aggregates records. Suppose Lucidum ingests data about an asset from CarbonBlack, Tenable, Intune, VMware, and InfoBlox. Each data source provides some information. Some of these data sources provide unique information. For example, one solution might provide OS and version, another solution might provide vulnerabilitites, another solution might provide hardware information, another solution might provide application data, and another solution might provide cloud information. Lucidum creates a single asset record that aggregates all the data from the multiple solutions.


Dashboards provide real-time insights into your assets, users, and data. Each dashboard includes dynamic data, customized to your requirements. Dashboards provide at-a-glance visibility into the assets, users, and data in your environment and the policies or compliance that matters most to you.

Lucidum includes pre-built dashboards, called Value-Oriented Dashboards or VODs. You can easily edit these dashboards to suit your needs or easily create your own custom dashboards.

For details about dashboards, see Dashboards.


Lucidum includes automated actions that aid in continuous monitoring and remediation. These actions are easy to configure and can run as frequently as needed.

Actions include sending email messages, posting a message to slack, creating tickets, isolating infected devices, or making changes to Active Directory, among other options.

For example, you can define an action that sends a slack message to the IT team if Lucidum discovers one or more assets without endpoint protection.

For details about actions, see Actions.


Lucidum can run headless, providing all the benefits of Lucidum without requiring your IT team to learn a new interface. Using webhooks, Lucidum can send data from the Lucidum platform to other solutions in your environment.

Lucidum webhooks are especially useful for integrations with SIEMs and data lakes. For example, you could send a webhook that contains information about all newly discovered assets from Lucidum to a SumoLogic instance. SumoLogic could then display this information in a dashboard.

For details about webhooks, see Running Headless with Webhooks.


Lucidum includes APIs that allow access to the data in the Lucidum database. The APIs are useful for integrations with other solutions. For details, see APIv2.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.